Consortium to Target Web App Security
Founding members of the new group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc.As part of an effort to crystallize the thinking and product-development around the nascent area of Web application security, a group of vendors will announce next week the formation of a new consortium meant to help define and promote standards concerning application security. Founding members of the group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc. Known as the Web Application Security Consortium, the group will make its debut at the RSA Conference in San Francisco. The groups initial goal is to create a classification system for application security vulnerabilities, attacks and other threats. Many of the attacks that are used against Web applications are quite complex and much of the terminology is outside of the realm of most security specialists expertise. The group hopes to simplify the explanation of things such as cross-site scripting that have become prevalent in recent years.
"Application security itself is very confusing. A lot of developers dont know exactly how these applications are threatened, which is why the applications are still woefully insecure," said Jeremiah Grossamn, CEO of WhiteHat, based in Santa Clara, Calif. "The Web security area is so new, no one knows how to address all the issues."